{"id":244569,"date":"2026-06-05T16:07:46","date_gmt":"2026-06-05T16:07:46","guid":{"rendered":"https:\/\/entertainment.runfyers.com\/index.php\/2026\/06\/05\/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person-techcrunch\/"},"modified":"2026-06-05T16:07:46","modified_gmt":"2026-06-05T16:07:46","slug":"google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person-techcrunch","status":"publish","type":"post","link":"https:\/\/entertainment.runfyers.com\/index.php\/2026\/06\/05\/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person-techcrunch\/","title":{"rendered":"Google and FBI warn of ransomware group that sends fake IT workers to hack victims in person | TechCrunch"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">A ransomware gang has escalated its attacks on law firms by sometimes sending fake IT workers in person to the victims\u2019 offices, where the imposters steal data directly from the victims\u2019 computers using USB drives or help other gang members connect to the computers remotely, according to Google and the FBI.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">On Friday, Google\u2019s cybersecurity teams Mandiant and Google Threat Intelligence Group <a href=\"http:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/targeted-campaign-us-law-firms\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">published a new report<\/a> accusing the cybercriminal gang known as Silent Ransom Group of attempting to steal victims\u2019 information \u201cusing physical, in-person access\u201d in attacks from January through May of this year that targeted \u201cdozens\u201d of victims.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cMandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks,\u201d Mandiant chief technology officer Charles Carmakal told TechCrunch in a statement, adding that the company has seen this tactic used in other cases over the years as well.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Last month, <a href=\"https:\/\/www.ic3.gov\/CSA\/2026\/260526.pdf\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">the FBI published an alert<\/a> warning that Silent Ransom Group had been targeting law firms with social engineering and phishing attacks pretending to be IT support employees. But in some cases, the group sent fake IT support personnel to the victims\u2019 offices, where they connected to employees\u2019 computers and used USB drives or remote access tools to steal data such as contracts, personal information like Social Security numbers, and financial and tax records.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">An FBI spokesperson told TechCrunch: \u201cWe can confirm we have seen multiple instances of individuals impersonating IT support who have gained or attempted to gain physical in-person access to victim companies\u2019 offices and\/or devices as part of Silent Ransom Group\u2019s scheme to exfiltrate data.\u201d<\/p>\n<p class=\"wp-block-paragraph\">In what is now a common extortion tactic \u2014 one that does not involve actually encrypting the victims\u2019 data as in traditional ransomware attacks \u2014 the gang has its own leak site, where it threatens victims with publishing their stolen data, and then publishes it if the victim doesn\u2019t pay. <\/p>\n<div class=\"article-block block--callout block--right has-green-500-background-color\">\n<h4 class=\"block--callout__title\">Contact Us<\/h4>\n<p>\t\t\tDo you have more information about these hacking campaigns? Or other data breaches? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or <a href=\"https:\/\/techcrunch.com\/2026\/06\/05\/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person\/mailto:lorenzo@techcrunch.com\/\" target=\"_blank\" rel=\"noopener\">email<\/a><a href=\"https:\/\/techcrunch.com\/2026\/06\/05\/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person\/mailto:lorenzo@techcrunch.com\/\" target=\"_blank\" rel=\"noopener\">.<\/a>\t\t<\/div>\n<p class=\"wp-block-paragraph\">That often happens after the hackers email victims directly to threaten them.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cIn case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data,\u201d the hackers wrote to one victim, according to Google.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">According to Google\u2019s report, the hackers also use more traditional methods, such as phishing emails, follow-up phone calls, and social engineering. The cybercriminals pretend to be the company\u2019s IT support to trick victims into granting access to their computers.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe callers use a variety of verbal instructions to guide target behavior. Under the guise of addressing a security issue or aiding with a corporate data migration project, they build trust and direct the target to join a screen-sharing session,\u201d Google\u2019s researchers wrote. The hackers then bypass security controls by convincing victims to download and open screen-sharing applications, or by using screen-sharing features in apps like Zoom or Microsoft Teams.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">While hackers most of the time steal data remotely via malware or phishing attacks, these cases show that some hackers are now willing to take their crimes one step further, mixing traditional hacking techniques with physical intrusions in what is a novel and significant escalation.\u00a0<\/p>\n<\/div>\n<p><em>When you purchase through links in our articles, <a href=\"https:\/\/techcrunch.com\/techcrunch-affiliate-monetization-standards\/\" target=\"_blank\" rel=\"noopener\">we may earn a small commission<\/a>. This doesn\u2019t affect our editorial independence.<\/em><\/p>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2026\/06\/05\/google-and-fbi-warn-of-ransomware-group-that-sends-fake-it-workers-to-hack-victims-in-person\/\" target=\"_blank\" rel=\"noopener\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A ransomware gang has escalated its attacks on law firms by sometimes sending fake IT workers in person to the victims\u2019 offices, where the imposters steal data directly from the victims\u2019 computers using USB drives or help other gang members connect to the computers remotely, according to Google and the FBI.\u00a0 On Friday, Google\u2019s cybersecurity [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":244570,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":{"0":"post-244569","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech"},"_links":{"self":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/244569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/comments?post=244569"}],"version-history":[{"count":0,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/posts\/244569\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media\/244570"}],"wp:attachment":[{"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/media?parent=244569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/categories?post=244569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/entertainment.runfyers.com\/index.php\/wp-json\/wp\/v2\/tags?post=244569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}